A voir également:
- Trojan win32 bho kd
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Win32:malware-gen ✓ - Forum Virus
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Puabundler win32 candyopen - Forum Virus
- Trojan agent ✓ - Forum Virus
61 réponses
pour sdfix ,j'ai un petit souci apré run this tu me di de taperY mais il y a pas Y mais A,B,C D...je dois faire quoi???je tape quoi?
non je suis pa en mode sans échec faut que je redémarre pc alors puis sdfix?d'aborsmode sans echec puis sdfix???
voici aussi rapport bitfender au fait!!!
Temps
02:25:22
Fichiers
181722
Directoires
5624
Secteurs de boot
2
Archives
2323
Paquets programmes
8710
Résultats
Virus identifiés
1
Fichiers infectés
8
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
8
Info sur les moteurs
Définition virus
892936
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
14
Archive des plugins
38
Unpack des plugins
7
E-mail plugins
6
Système plugins
1
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
*;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp0
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp0
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp0
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp1
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp1
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp1
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp2
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp2
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp2
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp3
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp3
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp3
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp4
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp4
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp4
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp5
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp5
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp5
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX]
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX]
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX]
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].11
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].11
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].11
Supprimé
voici aussi rapport bitfender au fait!!!
Temps
02:25:22
Fichiers
181722
Directoires
5624
Secteurs de boot
2
Archives
2323
Paquets programmes
8710
Résultats
Virus identifiés
1
Fichiers infectés
8
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
8
Info sur les moteurs
Définition virus
892936
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
14
Archive des plugins
38
Unpack des plugins
7
E-mail plugins
6
Système plugins
1
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
*;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp0
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp0
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp0
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp1
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp1
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp1
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp2
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp2
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp2
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp3
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp3
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp3
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp4
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp4
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp4
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp5
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp5
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\tmp5
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX]
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX]
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX]
Supprimé
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].11
Infecté par: Trojan.Spy.Bzub.NGP
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].11
Echec de la désinfection
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].11
Supprimé
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut,
SDFix :
Télécharger sur le bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
= Double-clic SDFix.
= Clic Install
= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes).
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
Pour démarrer en mode sans échec :
1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
2/ -Redémarrez l’ordinateur.
3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.
Une fois sous windows :
------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport est généré, Report.txt
= Copier/Coller sur le forum.
_____________________________________________________
Suis bien les étapes et y'aura pas de problème :)
SDFix :
Télécharger sur le bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
= Double-clic SDFix.
= Clic Install
= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes).
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
Pour démarrer en mode sans échec :
1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
2/ -Redémarrez l’ordinateur.
3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.
Une fois sous windows :
------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport est généré, Report.txt
= Copier/Coller sur le forum.
_____________________________________________________
Suis bien les étapes et y'aura pas de problème :)
rapport sdfix
SDFix: Version 1.130
Run by melanie on 22/01/2008 at 23:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\melanie\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
oyprzasc
Path:
system32\drivers\uhmjlkzy.dat
oyprzasc - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service oyprzasc - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\windows\system32\drivers\uhmjlkzy.dat - Deleted
C:\WINDOWS\SYSTEM32\CL.DLL - Deleted
Removing Temp Files...
ADS Check:
C:\windows
No streams found.
C:\windows\system32
No streams found.
C:\windows\system32\svchost.exe
No streams found.
C:\windows\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:40:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Ubi Soft\\Scrabble\\Scrabble.exe"="C:\\Program Files\\Ubi Soft\\Scrabble\\Scrabble.exe:*:Enabled:Scrabble"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\melanie\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 20 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 20 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 11 Feb 2006 104 ..SHR --- "C:\WINDOWS\system32\01A5505DC2.sys"
Thu 3 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 3 Jun 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Thu 13 Jan 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Thu 13 Jan 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu 13 Jan 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Sun 1 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT1.tmp"
Tue 8 Mar 2005 8 ...H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
SDFix: Version 1.130
Run by melanie on 22/01/2008 at 23:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\melanie\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
oyprzasc
Path:
system32\drivers\uhmjlkzy.dat
oyprzasc - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service oyprzasc - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\windows\system32\drivers\uhmjlkzy.dat - Deleted
C:\WINDOWS\SYSTEM32\CL.DLL - Deleted
Removing Temp Files...
ADS Check:
C:\windows
No streams found.
C:\windows\system32
No streams found.
C:\windows\system32\svchost.exe
No streams found.
C:\windows\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:40:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Ubi Soft\\Scrabble\\Scrabble.exe"="C:\\Program Files\\Ubi Soft\\Scrabble\\Scrabble.exe:*:Enabled:Scrabble"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\melanie\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 20 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 20 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 11 Feb 2006 104 ..SHR --- "C:\WINDOWS\system32\01A5505DC2.sys"
Thu 3 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 3 Jun 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Thu 13 Jan 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Thu 13 Jan 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu 13 Jan 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Sun 1 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT1.tmp"
Tue 8 Mar 2005 8 ...H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
ComboFix :
Télécharge combofix.exe(par sUBs) sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
_____________________________________________________
Puis refait un log hijackthis merci.
Télécharge combofix.exe(par sUBs) sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
_____________________________________________________
Puis refait un log hijackthis merci.
Re,
que voila une bonne chose de faite :
C:\windows\system32\drivers\uhmjlkzy.dat - Deleted
C:\WINDOWS\SYSTEM32\CL.DLL - Deleted
tu remets un rapport hijackthis.
Bonne suite et fin à vous deux.
que voila une bonne chose de faite :
C:\windows\system32\drivers\uhmjlkzy.dat - Deleted
C:\WINDOWS\SYSTEM32\CL.DLL - Deleted
tu remets un rapport hijackthis.
Bonne suite et fin à vous deux.
voici le rapport combofix
je te remerci encore de m'aider
mon pare feu avait bloquer messenger es ce normal ,je l'ai débloquer!!!
ComboFix 08-01-23.2 - melanie 2008-01-23 8:01:55.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.122 [GMT 1:00]
Endroit: C:\Documents and Settings\melanie\Local Settings\Temporary Internet Files\Content.IE5\4L6V4HUF\ComboFix[1].exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWay
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-22 23:22 . 2008-01-22 23:22 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-18 17:01 . 2008-01-18 17:01 <REP> d-------- C:\VundoFix Backups
2008-01-18 12:24 . 2008-01-18 12:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-17 18:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 15:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-17 14:10 . 2008-01-17 14:10 <REP> d-------- C:\Program Files\CCleaner1
2008-01-17 05:35 . 2008-01-22 19:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-06 23:13 . 2008-01-06 23:13 <REP> d-------- C:\Program Files\Gamenext
2008-01-04 12:05 . 2008-01-04 13:27 <REP> d-------- C:\Program Files\Panda Security
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Program Files\Zylom Games
2008-01-02 16:04 . 2008-01-02 16:04 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 15:45 . 2008-01-02 15:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 16:28 . 2008-01-01 16:28 <REP> d-------- C:\Program Files\Luxor
2007-12-29 20:40 . 2007-12-29 20:40 <REP> d-------- C:\Program Files\MumboJumbo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 07:29 --------- d-----w C:\Program Files\Google
2008-01-14 18:57 --------- d-----w C:\Program Files\Ricochet Lost Worlds Recharged
2008-01-10 11:48 --------- d-----w C:\Program Files\eMule
2008-01-08 16:01 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2007-12-26 09:16 40,737 ----a-w C:\windows\system32\rightonadz-uninst.exe
2007-12-26 09:15 79,875 ----a-w C:\windows\system32\adssite-remove.exe
2007-12-26 09:15 77,353 ----a-w C:\windows\system32\Adssite_sidebar_uninstall.exe
2007-12-24 12:02 --------- d-----w C:\Program Files\Mindscape
2007-12-24 12:01 --------- d-----w C:\Program Files\BoontyGames
2007-12-23 09:54 --------- d-----w C:\Program Files\Wipeout XL
2007-12-19 18:12 --------- d-----w C:\Program Files\PDAmill
2007-12-16 12:12 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-12-15 16:07 --------- d-----w C:\Program Files\Trymedia
2007-12-15 16:07 --------- d-----w C:\Program Files\FireFly Studios
2007-12-15 16:07 --------- d-----w C:\Program Files\Astronoid
2007-12-15 16:07 --------- d-----w C:\Program Files\Absolutist.com
2007-12-15 16:07 --------- d-----w C:\Program Files\3D-WinBrick2001
2007-12-10 19:08 --------- d-----w C:\Program Files\Micro Application
2007-12-04 14:56 93,264 ----a-w C:\windows\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\windows\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\windows\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\windows\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\windows\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\windows\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\windows\system32\AVASTSS.scr
2007-12-03 12:34 282,624 ----a-w C:\windows\system32\Adssite_sidebar.dll
2007-12-01 08:59 --------- d-----w C:\Program Files\Alawar
2007-12-01 08:47 --------- d-----w C:\Program Files\AllFive XP
2007-11-28 10:04 --------- d-----w C:\Program Files\MSN Games
2007-11-07 09:28 728,576 ----a-w C:\windows\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\windows\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\windows\system32\wmasf.dll
2000-01-07 09:53 696,320 ----a-w C:\Program Files\Fichiers communs\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Program Files\Fichiers communs\XCPCMenu.exe
2006-02-11 21:25 104 --sh--r C:\windows\system32\01A5505DC2.sys
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_19.10.56.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 00:21:00 118,784 ----a-w C:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-20 11:43:24 77,824 ----a-w C:\windows\BDOSCAN8\bdupd.dll
- 2008-01-17 17:58:30 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 07:00:44 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 17:58:30 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 07:00:44 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 17:58:30 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 07:00:44 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 17:58:31 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 07:00:44 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 17:58:31 7,634,944 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-23 07:00:45 7,634,944 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 17:58:31 147,456 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 07:00:45 147,456 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 03:53:33 163,328 ----a-w C:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-22 22:22:46 7,634,944 ----a-w C:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-22 22:22:47 147,456 ----a-w C:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-22 03:53:33 163,328 ----a-w C:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-22 22:22:27 7,634,944 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-22 22:22:27 147,456 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-16 18:34:48 213,048 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-23 06:39:52 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 08:06 204843]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 08:42 35328]
"ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2005-05-27 14:59 323584]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2006-03-27 21:09 24576]
"BigDogPath"="C:\windows\VM_STI.exe" [2004-06-09 15:37 40960]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=C:\windows\pss\GStartup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Fichiers communs\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\windows\System32\P2P Networking\P2P Networking.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-30 16:35 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whAgent.exe
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [2005-01-13 18:09]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
S2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" []
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;C:\windows\system32\DRIVERS\DC31VID.sys []
S3 PA7333I;Kodak Webcam Explorer Bulk Mode Device;C:\windows\system32\DRIVERS\DC31Bulk.sys []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-07-22 15:09]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 08:08:30
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
je te remerci encore de m'aider
mon pare feu avait bloquer messenger es ce normal ,je l'ai débloquer!!!
ComboFix 08-01-23.2 - melanie 2008-01-23 8:01:55.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.122 [GMT 1:00]
Endroit: C:\Documents and Settings\melanie\Local Settings\Temporary Internet Files\Content.IE5\4L6V4HUF\ComboFix[1].exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWay
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-22 23:22 . 2008-01-22 23:22 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-18 17:01 . 2008-01-18 17:01 <REP> d-------- C:\VundoFix Backups
2008-01-18 12:24 . 2008-01-18 12:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-17 18:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 15:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-17 14:10 . 2008-01-17 14:10 <REP> d-------- C:\Program Files\CCleaner1
2008-01-17 05:35 . 2008-01-22 19:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-06 23:13 . 2008-01-06 23:13 <REP> d-------- C:\Program Files\Gamenext
2008-01-04 12:05 . 2008-01-04 13:27 <REP> d-------- C:\Program Files\Panda Security
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Program Files\Zylom Games
2008-01-02 16:04 . 2008-01-02 16:04 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 15:45 . 2008-01-02 15:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-01 16:28 . 2008-01-01 16:28 <REP> d-------- C:\Program Files\Luxor
2007-12-29 20:40 . 2007-12-29 20:40 <REP> d-------- C:\Program Files\MumboJumbo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 07:29 --------- d-----w C:\Program Files\Google
2008-01-14 18:57 --------- d-----w C:\Program Files\Ricochet Lost Worlds Recharged
2008-01-10 11:48 --------- d-----w C:\Program Files\eMule
2008-01-08 16:01 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2007-12-26 09:16 40,737 ----a-w C:\windows\system32\rightonadz-uninst.exe
2007-12-26 09:15 79,875 ----a-w C:\windows\system32\adssite-remove.exe
2007-12-26 09:15 77,353 ----a-w C:\windows\system32\Adssite_sidebar_uninstall.exe
2007-12-24 12:02 --------- d-----w C:\Program Files\Mindscape
2007-12-24 12:01 --------- d-----w C:\Program Files\BoontyGames
2007-12-23 09:54 --------- d-----w C:\Program Files\Wipeout XL
2007-12-19 18:12 --------- d-----w C:\Program Files\PDAmill
2007-12-16 12:12 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-12-15 16:07 --------- d-----w C:\Program Files\Trymedia
2007-12-15 16:07 --------- d-----w C:\Program Files\FireFly Studios
2007-12-15 16:07 --------- d-----w C:\Program Files\Astronoid
2007-12-15 16:07 --------- d-----w C:\Program Files\Absolutist.com
2007-12-15 16:07 --------- d-----w C:\Program Files\3D-WinBrick2001
2007-12-10 19:08 --------- d-----w C:\Program Files\Micro Application
2007-12-04 14:56 93,264 ----a-w C:\windows\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\windows\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\windows\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\windows\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\windows\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\windows\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\windows\system32\AVASTSS.scr
2007-12-03 12:34 282,624 ----a-w C:\windows\system32\Adssite_sidebar.dll
2007-12-01 08:59 --------- d-----w C:\Program Files\Alawar
2007-12-01 08:47 --------- d-----w C:\Program Files\AllFive XP
2007-11-28 10:04 --------- d-----w C:\Program Files\MSN Games
2007-11-07 09:28 728,576 ----a-w C:\windows\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\windows\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\windows\system32\wmasf.dll
2000-01-07 09:53 696,320 ----a-w C:\Program Files\Fichiers communs\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Program Files\Fichiers communs\XCPCMenu.exe
2006-02-11 21:25 104 --sh--r C:\windows\system32\01A5505DC2.sys
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_19.10.56.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 00:21:00 118,784 ----a-w C:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-20 11:43:24 77,824 ----a-w C:\windows\BDOSCAN8\bdupd.dll
- 2008-01-17 17:58:30 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 07:00:44 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 17:58:30 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 07:00:44 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 17:58:30 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 07:00:44 729,088 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 17:58:31 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 07:00:44 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 17:58:31 7,634,944 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-23 07:00:45 7,634,944 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 17:58:31 147,456 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 07:00:45 147,456 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 03:53:33 163,328 ----a-w C:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-22 22:22:46 7,634,944 ----a-w C:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-22 22:22:47 147,456 ----a-w C:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-22 03:53:33 163,328 ----a-w C:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-22 22:22:27 7,634,944 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-22 22:22:27 147,456 ----a-w C:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-16 18:34:48 213,048 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-23 06:39:52 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 08:06 204843]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 08:42 35328]
"ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2005-05-27 14:59 323584]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2006-03-27 21:09 24576]
"BigDogPath"="C:\windows\VM_STI.exe" [2004-06-09 15:37 40960]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=C:\windows\pss\GStartup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Fichiers communs\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\windows\System32\P2P Networking\P2P Networking.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-30 16:35 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whAgent.exe
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [2005-01-13 18:09]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
S2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" []
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;C:\windows\system32\DRIVERS\DC31VID.sys []
S3 PA7333I;Kodak Webcam Explorer Bulk Mode Device;C:\windows\system32\DRIVERS\DC31Bulk.sys []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-07-22 15:09]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 08:08:30
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
rapport hijackthis!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windows\system32\spoolsv.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX09.220\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windows\system32\spoolsv.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX09.220\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
Slt,
On arrête le service puis on le désactive :
_____________________________________________________
Arrête ces services
services à arrêter : KAV Monitor Service (KAVMonitorService), Service Framework McAfee (McAfeeFramework), F-Secure Windows Security Center Legacy Detection Service (Fswsclds) et pour finir, Symantec SPBBCSvc (SPBBCSvc).
pour ça fais cette manip :
Démarrer -> executer tape services.msc clic droit sur le service cité - > propriétés et dans "type de démarrage" et mets le sur « arrêté » et « désactivé ».
_____________________________________________________
Ok, post un rapport hijackthis.
Pour le blocage MSN, c'est normal
++
On arrête le service puis on le désactive :
_____________________________________________________
Arrête ces services
services à arrêter : KAV Monitor Service (KAVMonitorService), Service Framework McAfee (McAfeeFramework), F-Secure Windows Security Center Legacy Detection Service (Fswsclds) et pour finir, Symantec SPBBCSvc (SPBBCSvc).
pour ça fais cette manip :
Démarrer -> executer tape services.msc clic droit sur le service cité - > propriétés et dans "type de démarrage" et mets le sur « arrêté » et « désactivé ».
_____________________________________________________
Ok, post un rapport hijackthis.
Pour le blocage MSN, c'est normal
++
j'ai fait la manip du post 53 ,rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windows\system32\spoolsv.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX00.261\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\windows\system32\spoolsv.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX00.261\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
j'ai refait un scan avast ,j'ai réussi a mettre les fichiers infectés en quarantaine et je ne pense plus avoir d'alerte ,ce vilain virus seais t il supprimé? éradiqué de mon pc????
Une derniere chose :
Kill Adssite :
Télécharge ce fichier :
https://3a6249fb-a-62cb3a1a-s-sites.googlegroups.com/site/dcangeldark/Kill_Adssite.zip?attachauth=ANoY7cpRWBfHsjuUtXZm7O4gV7WXXvxoLJ-TUP99ktFmVi2pEXSTZPNyF5UFeqWMsQcqd3ryZTikvN1on7hoH1XPyXy7qmp0JdS1s633s-IOhSn4lawPBaW2N9oZF7BGPV3Iec0zg3VoGioRcpfS2G8Pzg-CFokFx5vmq6OLijndTPDrcDyQi6Q3X-jx0qwnNQ7xJeaKpqRCVGFNyqNBVBmC_eYqmp8xMQ%3D%3D&attredirects=3
Dézippe-le
puis lance Kill.cmd.
et Poste le rapport.
Merci
Kill Adssite :
Télécharge ce fichier :
https://3a6249fb-a-62cb3a1a-s-sites.googlegroups.com/site/dcangeldark/Kill_Adssite.zip?attachauth=ANoY7cpRWBfHsjuUtXZm7O4gV7WXXvxoLJ-TUP99ktFmVi2pEXSTZPNyF5UFeqWMsQcqd3ryZTikvN1on7hoH1XPyXy7qmp0JdS1s633s-IOhSn4lawPBaW2N9oZF7BGPV3Iec0zg3VoGioRcpfS2G8Pzg-CFokFx5vmq6OLijndTPDrcDyQi6Q3X-jx0qwnNQ7xJeaKpqRCVGFNyqNBVBmC_eYqmp8xMQ%3D%3D&attredirects=3
Dézippe-le
puis lance Kill.cmd.
et Poste le rapport.
Merci
voici :
C:\windows\system32\adssite_sidebar.dll - [b]Trouve[/b] !
C:\windows\system32\adssite_sidebar.dll - Supprime !
----------
C:\windows\system32\adssite_sidebar_uninstall.exe - [b]Trouve[/b] !
C:\windows\system32\adssite_sidebar_uninstall.exe - Supprime !
----------
C:\windows\system32\rightonadz-uninst.exe - [b]Trouve[/b] !
C:\windows\system32\rightonadz-uninst.exe - Supprime !
----------
C:\windows\system32\adssite-remove.exe - [b]Trouve[/b] !
C:\windows\system32\adssite-remove.exe - Supprime !
----------
C:\windows\system32\adssite_sidebar.dll - [b]Trouve[/b] !
C:\windows\system32\adssite_sidebar.dll - Supprime !
----------
C:\windows\system32\adssite_sidebar_uninstall.exe - [b]Trouve[/b] !
C:\windows\system32\adssite_sidebar_uninstall.exe - Supprime !
----------
C:\windows\system32\rightonadz-uninst.exe - [b]Trouve[/b] !
C:\windows\system32\rightonadz-uninst.exe - Supprime !
----------
C:\windows\system32\adssite-remove.exe - [b]Trouve[/b] !
C:\windows\system32\adssite-remove.exe - Supprime !
----------
voici le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Extrafilm FotoFacil\Agent.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX00.147\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Extrafilm FotoFacil\Agent.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX00.147\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
Salut,
Mets JAVA à jour :
https://www.java.com/fr/download/manual.jsp
____________________________________________________
Vois tu des problèmes sur ton PC ?
Avast detecte t'il encore quelque chose ?
++
Mets JAVA à jour :
https://www.java.com/fr/download/manual.jsp
____________________________________________________
Vois tu des problèmes sur ton PC ?
Avast detecte t'il encore quelque chose ?
++
